Systems and Methods for Mining Temporal Requirements from Block Diagram Models of Control Systems

ABSTRACT

Systems and methods for mining a temporal requirement from a block diagram model of a closed loop control system are disclosed. One embodiment of a method includes simulating the closed loop control system of a vehicle to obtain simulation traces and determining a candidate requirement by instantiating a template requirement with values of the simulation traces to locate parameter values that suggest that the template requirement is fulfilled. Some embodiments of the method include determining whether a counterexample to the candidate requirement exists; and in response to determining that the counterexample to the candidate requirement exists, obtaining the counterexample to the candidate requirement and adding the counterexample to the simulation traces for inspection.

TECHNICAL FIELD

Embodiments described herein generally relate to mining temporal requirements from block diagram models and, more specifically, to systems and methods that utilize natural language requirements to test block diagram based automobile computer programs.

BACKGROUND

Industrial-scale automotive control systems are developed using model-based design (MBD). In model-based design, the designer first captures the dynamical characteristics of the plant, such as the physical parts of the system using differential, logical, and algebraic equations. This is collectively called the plant model, and examples include: model of the turbo rotational dynamics, the thermodynamic model of sub-systems within the engine, and atmospheric turbulence models. Based on certain high-level and often vaguely defined requirements, the designer then writes an executable specification model of the controller using block diagrams. Examples of informal requirements include, “better fuel-efficiency,” “better performance,” “lower emissions,” and “resistance to turbulence.” This step is followed by system testing, normally done as extensive simulations of the closed-loop system, which includes the plant and the controller with the goal of determining the time (or frequency) domain responses of the closed-loop system to complex sets of time-varying inputs. The process of validation then ideally requires the designer to determine if the time (or frequency) domain responses of the closed-loop system are consistent with the design goals or requirements. Otherwise, the model is corrected so that it meets its requirements

In the MBD process, requirements are often either informally expressed in natural language or at times even left unspecified. It is usually assumed that the control designer has sufficient domain expertise to determine the quality of the design by simply looking at the simulation results. As a consequence, most formal validation approaches reduce to just checking code coverage against established coverage metrics for the controller code, while largely ignoring the closed-loop characteristics of the system.

SUMMARY

Systems and methods for mining a temporal requirement from a block diagram model of a closed loop control system are disclosed. One embodiment of a method includes simulating the closed loop control system of a vehicle to obtain simulation traces and determining a candidate requirement by instantiating a template requirement with values of the simulation traces to locate parameter values that suggest that the template requirement is fulfilled. Some embodiments of the method include determining whether a counterexample to the candidate requirement exists; and in response to determining that the counterexample to the candidate requirement exists, obtaining the counterexample to the candidate requirement and adding the counterexample to the simulation traces for inspection.

In another embodiment, a system for mining a temporal requirement from a block diagram model of a closed loop control system includes a parameter synthesis tool for receiving random simulation traces and a template requirement, the parameter synthesis tool creating a candidate requirement by instantiating the template requirement with values of the random simulation traces to locate parameter values that suggests that the temporal requirement is obtained. Also included is a falsification tool for receiving the candidate requirement and the and the block diagram model and determining whether a counterexample to the candidate requirement exists and, in response to determining that a counterexample of the candidate requirement exists, adding the counterexample to the random simulation traces for inspection.

In yet another embodiment, a computing device includes a memory that stores logic that, when executed by the computing device, causes the computing device to determine a template requirement from a natural language expression received from a designer. The template requirement may include an undefined value. Additionally, the logic may cause the computing device to simulate the closed loop control system of an automobile to obtain simulation traces, and may create a candidate requirement by instantiating the template requirement with values of the simulation traces to locate parameter values that suggests that the temporal requirement is obtained. In some embodiments, the logic causes the computing device to determine whether a counterexample to the candidate requirement exists. In response to determining that the counterexample to the candidate requirement exists, the logic may cause the computing device to obtain the counterexample to the candidate requirement and add the counterexample to the simulation traces for inspection. In response to determining that a counterexample to the candidate requirement does not exist, the computing device determines an inferred requirement.

These and additional features provided by the embodiments of the present disclosure will be more fully understood in view of the following detailed description, in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments set forth in the drawings are illustrative and exemplary in nature and not intended to limit the disclosure. The following detailed description of the illustrative embodiments can be understood when read in conjunction with the following drawings, where like structure is indicated with like reference numerals and in which:

FIG. 1 depicts a computing device for mining a temporal requirement from a block diagram model of a closed loop control system, according to embodiments disclosed herein;

FIG. 2 depicts a functional block diagram illustrating operation of the mining tool, according to embodiments disclosed herein; and

FIG. 3 depicts a flowchart for mining a temporal requirement from a block diagram model of a closed loop control system, according to embodiments disclosed herein.

DETAILED DESCRIPTION

Embodiments disclosed herein include systems and methods for algorithmically mining temporal requirements from a block-diagram-based specification of a closed-loop control system model. The mined requirements may be expressed in signal temporal logic (STL), which is closely related to metric temporal logic (MTL) and their satisfaction is measured using robust semantics. Specifically, embodiments disclosed herein are focused on reverse-engineering specifications (also referred to herein as “requirements”) such as describing application program interface (API) usage rules. While many current approaches for mining requirements focus on static specification mining, these techniques are generally directed to mining the requirements without executing the software program. Conversely, embodiments disclosed herein are directed to mining specifications from executing the program.

Referring now to the drawings, FIG. 1 depicts a computing device for mining a temporal requirement from a block diagram model of a closed loop control system, according to embodiments disclosed herein. In the illustrated embodiment, the user computing device 102 includes a processor 130, input/output hardware 132, network interface hardware 134, a data storage component 136 (which stores template data 138 a and program data 138 b), and the memory component 140. The memory component 140 may be configured as volatile and/or nonvolatile memory and, as such, may include random access memory (including SRAM, DRAM, and/or other types of RAM), flash memory, registers, compact discs (CD), digital versatile discs (DVD), and/or other types of non-transitory computer-readable mediums. Depending on the particular embodiment, the non-transitory computer-readable medium may reside within the user computing device 102 and/or external to the user computing device 102.

Additionally, the memory component 140 may be configured to store operating logic 142, the template logic 144 a, and the mining tool 144 b, each of which may be embodied as a computer program, firmware, and/or hardware, as an example. A local communications interface 146 is also included in FIG. 1 and may be implemented as a bus or other interface to facilitate communication among the components of the user computing device 102.

The processor 130 may include any processing component operable to receive and execute instructions (such as from the data storage component 136 and/or memory component 140). The input/output hardware 132 may include and/or be configured to interface with a monitor, keyboard, mouse, printer, camera, microphone, speaker, and/or other device for receiving, sending, and/or presenting data. The network interface hardware 134 may include and/or be configured for communicating with any wired or wireless networking hardware, a satellite, an antenna, a modem, LAN port, wireless fidelity (Wi-Fi) card, WiMax card, mobile communications hardware, and/or other hardware for communicating with other networks and/or devices. From this connection, communication may be facilitated between the user computing device 102 and other computing devices, such as a vehicle computing device.

Similarly, it should be understood that the data storage component 136 may reside local to and/or remote from the user computing device 102 and may be configured to store one or more pieces of data for access by the user computing device 102 and/or other components. In some embodiments, the data storage component 136 may be located remotely from the user computing device 102 and thus accessible via the network 100. In some embodiments however, the data storage component 136 may merely be a peripheral device, but external to the user computing device 102.

Included in the memory component 140 are the operating logic 142, the template logic 144 a, and the mining tool 144 b. The operating logic 142 may include an operating system and/or other software for managing components of the user computing device 102. Similarly, the template logic 144 a may be configured to cause the user computing device 102 to utilize the template data 138 a for creating a template requirement from natural language. The mining tool 144 b may cause the user computing device 102 to implement the block diagram model for determining the inferred requirements.

It should be understood that the components illustrated in FIG. 1 are merely exemplary and are not intended to limit the scope of this disclosure. While the components in FIG. 1 are illustrated as residing within the user computing device 102, this is merely an example. In some embodiments, one or more of the components may reside external to the user computing device 102.

FIG. 2 depicts a functional block diagram illustrating operation of the mining tool, according to embodiments disclosed herein. Included is the mining tool 144 b, which includes a parameter synthesis tool 244 a and a falsification tool 244 b. Specifically, embodiments disclosed herein are configured such that the inputs to the mining tool 144 b are the control block diagram model 210, random simulation traces 202 that are derived from simulating the control block diagram model 210, and a template requirement 204, which is a parametric-STL property in which certain values are left unspecified.

Specifically, when a designer is testing the control block diagram model 210 the user computing device 102 may provide the designer with a user interface (or more than one user interface) for inputting a natural language expression of a temporal property. The user interfaces may include a templated form for the designer to input the characteristics. As will be understood, the templated requirement may include an undefined value (one or more). As an example, the designer may input that eventually between time 0 and time t₁, the signal x is less than v₁, and from that point for t₂ seconds, it remains less than v₂. As the designer will not likely know values for the values for t₁, t₂, v₁, and v₂ (also referred to as parameters), these values will be determined by the mining tool 144 b.

Once the designer has inputted the natural language expression, the user computing device 102 may determine a parametric-STL expression for the natural language expression. The above property would be expressed as: ⋄_([0,t) ₁ ^(])(x<v₁Λ□_([0,t) ₂ ^(])(x<v₂)), which will be sent as the template requirement 204 to the parameter synthesis tool 244 a.

As illustrated, the mining tool 144 b may receive the random simulation traces 202, as well as the template requirement 204. The random simulation traces 202 may be obtained by simulating the closed loop system and determining values that result. With the template requirement 204 and the random simulation traces 202, the parameter synthesis tool 244 a can search the parameter space to find one or more optimal parameter values that suggests that the temporal requirement is obtained by instantiating the template requirement 204 with the values satisfied by all of the random simulation traces 202. With this information, the parameter synthesis tool 244 a can create a candidate requirement 206, which is the instantiated template requirement.

Specifically, the parameter synthesis tool 244 a may receive the random simulation traces 202 and the template requirement 204 and determines the values that will cause the template requirement to be true. Referring to the example above, the parameters t₁, t₂, v₁, and v₂ were unspecified by the designer. Thus, the parameter synthesis tool 244 a utilizes the random simulation traces 202 (which represent values resulting from a simulation of the control block diagram model 210) to determine values for t₁, t₂, v₁, and v₂ that potentially make the template requirement 204 valid. These values are referred to as the candidate requirement 206.

It should be understood that the parameter synthesis tool 244 a may also be configured to improve efficiency by utilizing monotonicity for the satisfaction of the parametric-STL formula. Specifically, when the template requirement 204 and random simulation traces 202 are utilized to determine candidate requirements, the parameter synthesis tool 244 a may utilize a process for neglecting certain aspects of the random simulation traces 202. Specifically, if a certain result is inevitable for a particular line or the random simulation traces, the parameter synthesis tool 244 a may improve efficiency by neglecting those portions where the result is inevitable.

The candidate requirement 206 is then utilized by the falsification tool 244 b, which also receives the control block diagram model 210 to determine whether any counterexamples to the candidate requirement 206 exist. Specifically, the falsification tool 244 b utilizes the candidate requirement 206 in the control block diagram model 210 to determine if there are any scenarios where the candidate requirements do not yield a valid result (e.g., that the template requirement 204 is not true). If the falsification tool 244 b determines a counterexample, the corresponding counterexample traces 208 are sent as a feedback to the parameter synthesis tool 244 a. The parameter synthesis tool then utilizes the counterexample traces 208 with the random simulation traces 208 to find a candidate requirement that fulfills the template requirement 204, with the counterexample being considered. If the falsification tool 244 b determines that no counterexamples exist (or that no additional counterexamples exist), an inferred requirement 212 is generated and sent to output. The inferred requirement 212 represents the values of the parameters that fulfill the template requirement 204.

As illustrated, the control block diagram model 210 represents a hybrid system that may be utilized for describing the evolving behavior of a mixture of continuous-valued and discrete-valued program variables. In general, the control block diagram model 210 can be used to represent differential, algebraic, and/or logical equations that describe the closed loop system. The semantics of the control block diagram model 210 are vastly different from the semantics of a software program. As an example, a module in such a model may continuously process inputs, producing outputs. Thus, the kinds of requirements expected of such a model are incompatible with most traditional software targeted by existing specification mining tools.

FIG. 3 depicts a flowchart for mining a temporal requirement from a block diagram model of a closed loop control system, according to embodiments disclosed herein. As illustrated in block 330, the closed-loop system is simulated to obtain a set of simulation traces. In block 332, a candidate requirement may be created by instantiating a template requirement with values of the simulation traces to locate parameter values that suggests that the temporal requirement is obtained. The temporal requirement may include a parametric-signal-temporal-logic property. In block 334, a determination may be made regarding whether a counterexample to the candidate requirement exists. If so, in block 336, the counterexample to the candidate requirement may be obtained and added to the simulation traces for inspection. From block 336, the process may return to block 330. If in block 334, there are no existing counterexamples, in block 336, the process may be terminated with an inferred requirement.

As described above, embodiments disclosed herein include a counterexample-guided process to mine STL requirements for control block-diagram models. This process is applied on models of unprecedented complexity, such as an actual design of a large control subsystem for a diesel engine. Accordingly, embodiments disclosed herein introduce the notion of monotonicity of the satisfaction of a Parametric-STL formula as an extension of the notion of polarity. This procedure may be based on binary search for synthesizing parameters for Parametric-STL properties that respect the monotonicity assumption.

While particular embodiments and aspects of the present disclosure have been illustrated and described herein, various other changes and modifications can be made without departing from the spirit and scope of the disclosure. Moreover, although various aspects have been described herein, such aspects need not be utilized in combination. Accordingly, it is therefore intended that the appended claims cover all such changes and modifications that are within the scope of the embodiments shown and described herein.

It should now be understood that embodiments disclosed herein includes systems, methods, and non-transitory computer-readable mediums for mining a temporal requirement. As discussed above, such embodiments are configured to determine a template requirement, as well as values for including in the template requirement. It should also be understood that these embodiments are merely exemplary and are not intended to limit the scope of this disclosure. 

What is claimed is:
 1. A method for mining a temporal requirement from a block diagram model of a closed loop control system, comprising: simulating the closed loop control system of a vehicle to obtain simulation traces; determining a candidate requirement by instantiating a template requirement with values of the simulation traces to locate parameter values that suggest that the template requirement is fulfilled, wherein the template requirement includes an undefined value; determining whether a counterexample to the candidate requirement exists; and in response to determining that the counterexample to the candidate requirement exists, obtaining the counterexample to the candidate requirement and adding the counterexample to the simulation traces for inspection.
 2. The method of claim 1, wherein, in response to determining that a counterexample to the candidate requirement does not exist, outputting an inferred requirement, wherein the inferred requirement defines the undefined value.
 3. The method of claim 1, wherein the method repeats until no more counterexamples are found to exist.
 4. The method of claim 1, wherein the block diagram model is utilized to determine whether a counterexample to the candidate requirement exists and wherein the block diagram model describes evolving behavior of continuous-valued and discrete valued program variables of a computer program of the vehicle.
 5. The method of claim 1, wherein the block diagram model represents at least one of the following: differential equations, algebraic equations, and logical equations.
 6. The method of claim 1, wherein the template requirement is represented in Parametric-signal-temporal-logic.
 7. The method of claim 1, further comprising: providing a user interface for a designer to provide a natural language expression; and creating the template requirement from the natural language expression.
 8. A system for mining a temporal requirement from a block diagram model of a closed loop control system, comprising: a parameter synthesis tool for receiving random simulation traces and a template requirement, the parameter synthesis tool creating a candidate requirement by instantiating the template requirement with values of the random simulation traces to locate parameter values that suggests that the temporal requirement is obtained; and a falsification tool for receiving the candidate requirement and the and the block diagram model and determining whether a counterexample to the candidate requirement exists and, in response to determining that a counterexample of the candidate requirement exists, adding the counterexample to the random simulation traces for inspection.
 9. The system of claim 8, wherein the falsification tool sends the counterexample as a feedback to the parameter synthesis tool.
 10. The system of claim 9, wherein, in response to determining that a counterexample to the candidate requirement does not exist, the falsification tool outputs an inferred requirement.
 11. The system of claim 8, wherein the block diagram model is utilized to determine whether a counterexample to the candidate requirement exists and wherein the block diagram model describes evolving behavior of continuous-valued and discrete valued program variables of a computer program of the closed loop control system.
 12. The system of claim 8, wherein the block diagram model represents at least one of the following: differential equations, algebraic equations, and logical equations.
 13. The system of claim 8, wherein the system further performs at least the following: provide a user interface for a designer to provide a natural language expression; and create the template requirement from the natural language expression.
 14. The system of claim 8, wherein the temporal requirement comprises a parametric-signal-temporal-logic property in which a value is left unspecified.
 15. A computing device for mining a temporal requirement from a block diagram model of a closed loop control system, comprising a memory that stores logic that, when executed by the computing device, causes the computing device to perform at least the following: determine a template requirement from a natural language expression received from a designer, the template requirement including an undefined value; simulate the closed loop control system of an automobile to obtain simulation traces; create a candidate requirement by instantiating the template requirement with values of the simulation traces to locate parameter values that suggests that the temporal requirement is obtained; determine whether a counterexample to the candidate requirement exists; in response to determining that the counterexample to the candidate requirement exists, obtain the counterexample to the candidate requirement and add the counterexample to the simulation traces for inspection; and in response to determining that a counterexample to the candidate requirement does not exist, the computing device determines an inferred requirement.
 16. The computing device of claim 15, wherein the method repeats until no additional counterexamples are found to exist.
 17. The computing device of claim 16, wherein the block diagram model is utilized to determine whether a counterexample to the candidate requirement exists and wherein the block diagram model describes evolving behavior of continuous-valued and discrete valued program variables of a computer program of the closed loop control system.
 18. The computing device of claim 15, wherein the block diagram model represents at least one of the following: differential equations, algebraic equations, and logical equations.
 19. The computing device of claim 15, wherein the logic further causes the computing device to perform at least the following: provide a user interface for the designer to provide the natural language expression; and create the template requirement from the natural language expression.
 20. The computing device of claim 15, wherein the template requirement comprises a parametric-signal-temporal-logic property in which a value is left unspecified. 